MAL-2026-3691

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/enhancer/MAL-2026-3691.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3691
Published
2026-05-12T07:42:46Z
Modified
2026-05-13T20:22:43.080574Z
Summary
Malicious code in enhancer (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf)

The distribution is published as enhancer but installs modules under the top-level safety namespace (setup.py declares namespace_packages=['safety'] and find_namespace_packages(include=['safety.*']), shipping safety/_python/ and safety/tools/). The real safety package on PyPI (PyUp vulnerability scanner) owns that import path, so any installer code or transitive dependency doing import safety.tools will resolve into attacker-controlled modules. safety/tools/__init__.py actively harvests sensitive values from pyUltroid.configs.Var (APIID, APIHASH, DETAKEY, SESSION, VCSESSION, REDISPASSWORD, HEROKUAPI, BOT_TOKEN) into a module-level _get_sys dict, then blanks them on the Var object and walks os.environ clearing any variable whose name contains those tokens — destructive mutation of installer state, regardless of whether this specific version includes a network sink. Package metadata is hostile/placeholder (author None, url https://fuckoff.com, description Not For U, README # safety-pip), reinforcing intent to be mistaken for the legitimate safety tool. Three independent block signals: namespace hijack, import-time secret/env mutation, and deceptive metadata.
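The namespace mismatch described above (distribution enhancer, modules under safety/) can be checked mechanically before a wheel is installed. The script below is an added defensive example, not code from OSV, the advisory source, or the enhancer package: it derives the wheel's top-level import names from its RECORD file and reports any that differ from the distribution name declared in METADATA; the sample wheel is constructed in memory to mirror the advisory's layout and is not the real artifact.

```python
"""Flag a wheel whose top-level import names do not match its distribution name,
the MAL-2026-3691 pattern (distribution "enhancer" shipping modules under safety/)."""
import io
import re
import zipfile

def normalize(name: str) -> str:
    """PEP 503 normalization, using underscores so the result compares to an import name."""
    return re.sub(r"[-_.]+", "_", name).lower()

def top_level_imports(record: str) -> set[str]:
    """Derive top-level import names from the RECORD file that every wheel carries."""
    tops = set()
    for line in record.splitlines():
        path = line.split(",", 1)[0].strip()
        first, _, rest = path.partition("/")
        if not path or first.endswith((".dist-info", ".data")):
            continue  # metadata and data directories are not import names
        if rest:
            tops.add(first)  # package directory
        elif first.endswith(".py"):
            tops.add(first[:-3])  # single-file top-level module
    return tops

def namespace_mismatches(wheel_bytes: bytes) -> list[str]:
    """Top-level names that differ from the normalized distribution name in METADATA."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        meta = next(n for n in wheel.namelist() if n.endswith(".dist-info/METADATA"))
        name_line = next(ln for ln in wheel.read(meta).decode().splitlines() if ln.startswith("Name:"))
        record = wheel.read(meta[: -len("METADATA")] + "RECORD").decode()
    expected = normalize(name_line.split(":", 1)[1].strip())
    return sorted(t for t in top_level_imports(record) if normalize(t) != expected)

def build_sample_wheel(dist: str, version: str, files: dict[str, bytes]) -> bytes:
    """Constructed in-memory wheel for the demo; not the real enhancer artifact."""
    info, buf = f"{normalize(dist)}-{version}.dist-info", io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in files.items():
            z.writestr(path, data)
        z.writestr(f"{info}/METADATA", f"Metadata-Version: 2.1\nName: {dist}\nVersion: {version}\n")
        paths = list(files) + [f"{info}/METADATA", f"{info}/RECORD"]
        z.writestr(f"{info}/RECORD", "".join(f"{p},,\n" for p in paths))
    return buf.getvalue()

# Constructed stand-in mirroring the advisory's layout: dist "enhancer", code under safety/.
SAMPLE = build_sample_wheel("enhancer", "0.2.3", {
    "safety/tools/__init__.py": b"# placeholder, not the malicious code\n",
    "safety/_python/__init__.py": b"",
})
```

Legitimate distributions also ship under an import name that differs from the distribution name, so treat a mismatch as a review signal rather than a verdict; it is strongest when, as here, the foreign top-level name is already owned by another distribution on the index.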

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.2.3"
            ],
            "modified_time": "2026-05-12T19:03:07Z",
            "sha256": "cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf",
            "id": "IN-MAL-2026-002222",
            "source": "amazon-inspector",
            "import_time": "2026-05-13T20:10:53.830723958Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / enhancer

Package: PyPI / enhancer
Affected ranges: 0.*
Affected versions: 0.2.3

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "enhancer-0.2.3-py3-none-any.whl",
            "hashes": {
                "md5": "2e350c2c542cb10d52eb14db52201a83",
                "blake2b_256": "46a214da9637e079f5a66eba22cc0fd6eb85b064a32b2c6dc3f3fd64c96e8a3c",
                "sha256": "23b1082da382f9bfad7c1c10d93c4b148c2fdfc3fc971f061d360db0d1ccb4cf"
            }
        },
        {
            "filename": "enhancer-0.2.3.tar.gz",
            "hashes": {
                "md5": "1f2b6230a3e0a2366b35ab4baa246fb5",
                "blake2b_256": "e8183d5c7bdc660d034c070bd28b60c31bb238814253b0db1ef0786ad0c7683a",
                "sha256": "b52ad059829db05b44396c86541374ba741bb4558d2f5acf928450a317bf8ff2"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "setup.py",
            "tlsh": "78017b47ccca66b527c10048a45b5c01487049633d64b0d97bae830ebf9dacf513626c",
            "sha256": "2533a297dff7b285d891de1592d739b029cc5535d9f3210ca7a1b895bd103ce6"
        },
        {
            "path": "safety/tools/__init__.py",
            "tlsh": "05417226c64b6c61c09a925a4c95c9326b0f28435e20b3707bac135caf8d23f11fef2d",
            "sha256": "ab2b14544001f5912c4e490004b751eb683b5d421d40207c2980e86af2a6e6a2"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/enhancer/MAL-2026-3691.json"